This document describes the privacy policy for personal data processed by Confindustria Nautica, through the Confindustria Nautica (Italian Marine Industry Association) website, in its capacity as Data Controller pursuant to EU Regulation n. 2016/679 (hereinafter also referred to as the “Data Controller” or “CN”) and is aimed at describing how the personal data of users and visitors of this website are managed and at providing a general description of the personal data processing procedures.

The website you are browsing is owned by Confindustria Nautica (the Italian Marine Industry Association) and managed through the company  Fuoricentro Studio with the technical support of Net7 and is hosted at Siteground.

In order to get in touch with the Owner, based in Genoa, via San Nazaro 11, imply send an e-mail to the following address: info@confindustrianautica.net

The Data Controller has appointed its own DPO, Laura Marretta, who can be contacted at the following address: dpo@confindustrinautica.net

The Data Controller adopts, as required by art. 12 of EU Regulation n. 2016/679 (henceforth just GDPR), the following policy as a measure to provide the interested party, visitor/user of the site, with the information referred to in art 13 GDPR and the provisions referred to in articles 15 to 22 and 34 GDPR relating to the processing of personal data as provided. The information in this Privacy Policy describes how we collect, use and process your personal data, and how, in doing so, we provide services to you and fulfil our legal obligations to you.

The information below, as well as the information contained in the banners of Iubenda, is intended as general, provided to all those who interact with the site by carrying out a generic navigation, and contains the essential policies on how we process personal data; some specific information is also provided below, e.g. in the “contacts” and “associates” sections.

This policy does not apply to other websites that may be consulted through our links, for which the Controller is in no way responsible. In addition, our site uses social plug-ins (e.g. in connection with social networks such as Facebook, YouTube, Twitter, Google+, Pinterest and Instagram), for which the Controller is in no way responsible; therefore, please refer to the privacy policy of the owners of such plug-ins.

It is our practice to constantly update the site and adapt it to new legislation, therefore we may change this document and/or the privacy policy. For updates, please visit this page, where we will post any changes. If you have any questions or concerns regarding this privacy policy you may contact the DPO by writing to: dpo@confindustrianautica.net.

In order to avoid misunderstandings, here are a selection of definitions for terms used in this document for the sake of clarity:
• Personal data: “any information concerning an identified or identifiable natural person […]”;
• Processing: ‘any operation or set of operations […] applied to personal data or set of personal data’;
• Profiling: ‘any form of automated processing of personal data consisting of the use of such personal data to evaluate certain personal aspects relating to a natural person[…]’;
• Data subject: ‘the natural person to whom the personal data relate;
• Data Controller: ‘the natural or legal person, public authority, agency or other body which alone or jointly with others determines the purposes of the processing […]’;
• Processor: “the natural or legal person, public authority, service or other body which processes personal data on behalf of the Controller”;
• Consent of the data subject: ‘any manifestation of the data subject’s free, specific, unambiguously informed will, whereby the data subject indicates his or her assent, by way of a statement or unambiguous affirmative action, to their personal data being processed’;

Data Processing Policy 

CN wishes to inform you, in accordance with the provisions of art. 13 GDPR, that the Personal Data you provide by entering into contact with the Data Controller by browsing this website or by filling in our online Forms, are all data that do not fall within the special categories of personal data as listed in art. 9 GDPR, (the “Data”), and are processed in accordance with the provisions of the GDPR. The processing is carried out on the basis of the conditions of lawfulness envisaged under art 6 GDPR, for the purposes inherent to the relationship established with the Data Controller, therefore, its legal basis as required under art 13 lett. c GDPR is justified by the reasons for which the relationship is established with the Controller, i.e. access as a visitor/user of the site, or the reason for which you send a data acquisition form filled in by you on this site or, after downloading it from this site you send it in order to take advantage of the service related to the form, and/or access it as an associate of CN in order to find information or in order to share the associative life and rules and to participate in all the activities and initiatives studied, produced and promoted by CN itself in favour of its associates.

The processing of the data conferred will include: management, organisation, use, storage, creation of databases, processing throughout the EU and non-EU territory (countries falling within the cases ex art 45 and 46 GDPR), carrying out anonymous statistics, consultation, processing, deletion, destruction and modification of the data processed following notification by the data subject.

On the basis of legitimate interest, when you give us your e-mail addresses, we will send you communications to promote CN, newsletters to let you know about our future initiatives and invite you to them or to send you promotional material to promote conventions and meetings (legal basis of soft marketing: legitimate interest of the Data Controller). You may object to this either by following the indications contained in the footer of the e-mails you receive or by writing to our DPO; where it is you who have requested the activation of certain services, or have expressly asked to receive marketing communications including communications from our partners, the legal basis of the Processing is your consent expressed directly online on the site and tracked and stored by us. Please note that the consent you give us is, however, revocable at any time either by writing to the DPO or by following the instructions in the footer of the communications. Some data may be shared with and/or communicated to I Saloni Nautici s.r.l., a company wholly controlled by the association, or to Bodies, Institutions, or the Italian Trade Agency (ICE – Agenzia) for institutional purposes; the data will also be processed by our authorised staff (employees or collaborators of the Data Controller) as well as other subjects involved in the organisation or maintenance of this Application or external subjects (such as third party technical service providers, postal couriers, hosting providers, IT companies, communication agencies) appointed by the Data Controller as Data Processors.

We collect a limited amount of data from visitors to our website, which we use to improve your experience when using our site, and to manage the services we provide. This data includes information about how you use our website, how often you access our site, and when our site is most popular. Furthermore, we would like to remind you that when browsing the website you will be given the opportunity to contact the Data Controller, even by non-digital means and regardless of the contact area; in this case we will use the data provided to respond to your requests – in fact, we would like to remind you that if you contact us by e-mail, your optional sending of messages to the Data Controller’s contact addresses will entail the acquisition of the sender’s contact data, which are necessary to reply, as well as all the personal data included in the communications.

The Data Controller also reminds you that they use the data provided by you through the “Contact” area only for the purpose of replying to your request by filling in the form and subsequently forwarding it. The Data Controller will also send you marketing communications relating to the Association, to boating and its initiatives only following your explicit consent given at the end of the online form. The provision of data is optional, however, in the event of failure to provide or partial provision, requests forwarded to the Data Controller may be partially or completely unfulfilled; forwarding of requests to the Data Controller implies acceptance of this policy. The legal basis for this data processing is the consent that the data subject manifests and provides by sending the communication on which he/she wishes to receive feedback (legal basis: consent pursuant to Art. 4 para. 11). The legal basis for receiving marketing communications is the consent freely expressed by means of communicating as much when expressing consent on the online form, which can be revoked at any time by contacting the DPO. The data subject has the right to revoke the consent given at any time: revocation of consent does not affect the lawfulness of the processing based on the consent given before revocation (art 7 GDPR). The data will be kept to respond to your request and in the case of your consent to receive commercial communications only for the time necessary to fulfil the purpose of collection.

The Data Controller also reminds you that they will use the data provided by you via the “Join Now” area, to send you association membership forms or our newsletters or association brochures, or to respond to what you have requested in the event that we also contact you directly. The Data Controller will also send you marketing communications relating to the world of associations, boating and its initiatives only following your explicit consent given at the end of the online form. The provision of data is optional, however, in the event of a lack of or partial provision, the requests forwarded to the Controller may be partially or completely unfulfilled; forwarding the requests to the Controller implies acceptance of this policy. The legal basis for the processing is the consent that the data subject manifests and confers by sending the communication on which he/she wishes to receive feedback (legal basis: consent pursuant to Art. 4 paragraph 11). The legal basis for receiving Marketing communications is the consent freely expressed by means of communicating as much when expressing consent on the online form, which can be revoked at any time by contacting the DPO. The data subject has the right to revoke the consent given at any time: revocation of consent does not affect the lawfulness of the processing based on the consent given before revocation (art 7 GDPR). The data will be kept to respond to your request and in the case of your consent to receive commercial communications only for the time necessary to fulfil the purpose of collection.

By means of this online space and on this occasion we inform all interested parties, as required under art. 14 GDPR, that in some cases the Data Controller will have gathered data, as specified in cons. 61 u.c. GDPR, from various public sources such as newspapers, blogs, public directories, online searches, all data collected and processed considering the principle of purpose with the source from which the data was derived and all data not falling into the special categories of personal data as listed in Art. 9 GDPR. These pieces of data (personal details and email address) form part of the Data Controller’s database (the legal basis as required under Article 13 letter c GDPR is justified by the legitimate interest of the Data Controller under Article 6 paragraph f).

The data will be processed in paper and/or electronic format by individuals specifically authorised to do so. The provision of data is optional, except for those acquired automatically by the system (technical cookies), The Data Controllers do not carry out any processing based on automated decision-making processes. Data will be kept only for the time necessary to fulfil the purpose of collection.

We would like to remind you that the User’s Personal Data may also be used by the Data Controller in legal proceedings or in the preparatory stages to its possible establishment in order to defend against abuses in the use of this Application or related Services by the User. The User declares that he/she is aware that the Data Controller may be obliged to disclose the Data by order of public authorities, the data may be used to ascertain responsibility in the event of hypothetical criminal IT activities to the detriment of the site.

Personal Data may also be collected by using the following services and for related purposes:

Google reCAPTCHA (Google Ireland Limited)

Google re CAPTCHA is a SPAM protection service, which verifies that the user is not a machine, provided by Google Ireland Limited. Use of re CAPTCHA is subject to Google’s privacy policy and privacy policy e ai terms of use.

Personal Data processed: clicks; Usage Data; keypress events; motion sensor events; touch events; mouse movements; scrolling position; answers to questions; Tracking Tool.

Place of Processing: Ireland – Privacy Policy.

Matomo Be Compliant With Secure GDPR Analytics – Respect User-Privacy (matomo.org)

Matomo is a web analytics service provided that uses the Personal Data collected for the purpose of tracking and examining the use of this Website, compiling reports and sharing them with other developed services.

Personal data processed: Usage Data; Tracking Tool.

Google Fonts (Google Ireland Limited)

Google Fonts is a font style display service operated by Google Ireland Limited that allows this Web Site to integrate such content within its pages.

Personal data processed: Usage Data; Tracking Tool.

Place of processing: Ireland –Privacy Policy

IUBENDA

Iubenda s.r. l, Via San Raffaele, 1 – 20121 Milan (Italy), “Iubenda” Compliance solutions for websites, apps and organisations | iubenda , through the iubenda All-in-one Compliance – plugin for WordPress solution (iubenda All-in-one Compliance – plugin for WordPress) is used for cookies, to save your preferences in relation to consent given and to allow the display of banners and block scripts. The site Compliance solutions for websites, apps and organisations | iubenda under the relative headings may be consulted online, where all the information provided directly by iubenda is published.

The use of Cookies – or other tracking tools – by the Data Controller through this platform is for the purpose of providing the relevant Service as provided through the navigation platform, in addition to the further purposes described in this document and in the Cookie Policy available in the footer of the website’s home page.

We invite you to view our cookie policy for a complete overview of all the tools used on this site.

The data will be processed in paper and/or electronic format by individuals specifically authorised to process the data. The data will only be kept for the time necessary to fulfil the purpose of data collection.

Rights: The Data Controller also informs you that you are guaranteed the right of rectification as per Article 16 GDPR, the right to the deletion of personal data as per Article 17 GDPR, the right to restriction of processing as per Article 18 GDPR as well as the right of access to personal data provided and to all consequential information as listed under Article 15 GDPR.

You also have the right:

1) to request access to the personal data from the Data Controller and their rectification or erasure or the restriction of their processing;

2) to object to their processing;

3) to data portability pursuant to Article 20 GDPR;

4) where the processing is based on Article 6(1)(a) or Article 9(2)(a) to withdraw consent at any time without prejudice to the lawfulness

of the processing based on the consent given before the revocation;

5) to lodge a complaint with a supervisory authority

6) to be granted the rights referred to in Article 21 GDPR, including therefore the right to object at any time, on grounds relating to his or her particular situation, to the processing of Data in pursuit of the legitimate interests of the Controller

Exercising your rightso: to exercise the rights listed above or to obtain further information, simply send an e-mail to the following e-mail address: dpo@confindustrianautica.net indicating in the subject line: exercise of the rights under the GDPR and including in the body of the e-mail the right you wish to exercise. The Data Controller, once it has processed what it has received, will send a reply within the terms indicated in Article 12 GDPR.

We reserve the right to refuse to comply with your request only for any the following reasons:

  • to exercise the right to freedom of expression and information;
  • to comply with legal obligations or perform a task of public interest or exercise official authority;
  • for public health reasons in the public interest;
  • for archiving, research or statistical purposes, or to exercise or defend a legal right

In complying with a valid request for deletion of data, we will take all reasonably practicable steps to delete the data in question.

Data breach: In the event that the Data Controller suffers a breach as configured in articles 33/34 involving a risk for the rights and freedoms of individuals (data breach), they will take steps – where appropriate – to notify the Italian Data Protection Authority and communicate the incident to all those concerned

Browsing Data and Plug-Ins: The computer systems and software procedures used to operate this website acquire, during their normal operation, certain personal data the transmission of which is implicit in the use of Internet communication protocols. This category of data includes, for example, IP addresses, the date and time of access to the platform, the pages visited, and in general parameters relating to the User’s operating system and computer environment. Said data are used solely for the purpose of obtaining anonymous statistical information on the use of the site and to check its correct operation and are deleted immediately after processing. The site uses social plug-ins (e.g. in relation to social networks Linkedin, Instagram, Facebook, Twitter)), for which the Joint Owners are in no way responsible; therefore, please refer to the privacy policy of the Data Controllers of said plug-ins.

System logs and maintenance For operational and maintenance purposes, this Application and any third-party services used by it may collect system logs, i.e. files that record interactions and which may also contain Personal Data, such as the User’s IP address.

List of companies, trademarks, people in the organisational chart: this website also contains the companies that are members of the association, including through their distinctive logos and their data through which to enter into direct relations with them, as well as the people who make up the organisational chart; in this regard, the Data Controller, in line with the provisions of the Italian Data Protection Authority, points out that the personal data made public through the web page cannot be used by website users for purposes other than those that gave rise to their online publication. In fact, the circumstance that the e-mail address or other data may be known by a plurality of subjects does not make it freely usable for any kind of purposes; the Italian Data Protection Authority emphasises that the possible availability of data on the web must be ‘related to the purposes for which they are published on the web’ itself.

Photos and video recordings

The Data Controller reminds you that during the Events organized or promoted by the Data Controller, events open to the public or having public significance, photographs and audio/video recordings as well as interviews will be performed. These materials may be reproduced both in full and in partial and/or modified or adapted form on the institutional website, in journalistic articles (both paper and online) and on the Owner’s social networks to inform the sector public of the event itself, to the pursuit of the institutional, information and promotion purposes of the Data Controller . When taking the aforementioned photographs and/or audio-video recordings, all the regulatory provisions regarding the aforementioned activities carried out in places/events open to the public will be respected. It is confirmed to interested parties that all the images published will never be detrimental to the honor and decorum of the interested party and that no compensation will be paid for them.

If you do not wish to be photographed or videotaped during a conference, we invite you to take a seat in the marked area where photos and videotape will not be taken. If, on the other hand, you do not wish to be photographed or videotaped during a convivial event, we invite you  to notify us with at least one day before the date of the Event by writing to our DPO, Avv. Laura Marretta, at the e-mail address dpo@confindustrinautica.net; so as to address the point.

Except for the above, the event participant who takes amateur photographs/videos during the event must comply with the currently applicable legislation on the processing of personal data and must always only take photos/videos that are not harmful to the honor and decorum of the Event nor of its participants. Therefore, the Organizer has the right to distrust, at its sole discretion, the participant from using certain photos and/or images that could damage the image of the event itself or of the Owner.

Salvo quanto sopra, il partecipante all’evento che durante lo stesso dovesse eseguire fotografie/video amatoriali dovrà rispettare la normativa attualmente applicabile sul trattamento dei dati personali e dovrà sempre eseguire solo foto/video che non risultino lesivi dell’onore e del decoro dell’Evento né dei propri partecipanti. Resta quindi salva per l’Organizzatore la facoltà di poter diffidare, a proprio insindacabile giudizio, il partecipante dall’utilizzare determinate foto e/o immagini che possano ledere l’immagine dell’evento stesso o del Titolare.

The Data Controller undertakes both to reply to users who send communications by e-mail to the DPO, in order to investigate the problem reported, and to cooperate with the competent authorities, in order to settle any complaints concerning the processing of personal data that are not settled directly between the Data Controller and the individuals concerned.